Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home News

NY Fines Refuah Health for Ransomware

January 9, 2024
Reading Time: 3 mins read
in News

The New York attorney general has fined Refuah Health Center, a federally funded health center serving underserved communities, up to $450,000 in a settlement following an investigation into a 2021 ransomware attack. The agreement requires Refuah to pay at least $350,000, with a potential additional $100,000 fine suspension contingent on strengthening its cybersecurity program. Furthermore, the health center must invest over $1 million between fiscal 2024 and 2028 to enhance its information security program. The settlement exposes HIPAA privacy, security, and breach notification rule violations, including failures in decommissioning inactive user accounts, lack of multifactor authentication, and insufficient logging for user activity review.

The ransomware attack on Refuah Health Center occurred in May 2021 and was attributed to the Lorenz cybercriminal group. The investigation found lapses in security practices, such as the use of a static four-digit code to protect access to a system used for viewing security camera videos. Attackers gained remote access to Refuah’s network using stolen login credentials for an administrative account associated with a former IT vendor. Despite not working with Refuah since 2014, the vendor’s account had not been deleted or disabled, and multifactor authentication was not enabled. The attackers exfiltrated approximately a terabyte of data, affecting thousands of unencrypted files, employee emails, and patient information.

The settlement requires Refuah to appoint a qualified employee responsible for implementing, maintaining, and monitoring the information security program. This individual must report regularly to Refuah’s CEO, senior management, and board of directors. The enforcement action emphasizes the importance of robust cybersecurity measures in healthcare, particularly for entities handling sensitive patient information. The fines and investment in cybersecurity infrastructure aim to address vulnerabilities exposed by the ransomware attack and prevent future breaches, reflecting a broader trend of regulatory scrutiny on healthcare organizations’ data security practices.

Reference:
  • Investigation by LETITIA JAMES, Attorney General of the State of New York, of REFUAH HEALH CENTER, INC.
Tags: Cyber NewsCyber News 2024CybersecurityHealthcareJanuary 2024New YorkRefuahSettlement
ADVERTISEMENT

Related Posts

Salt Typhoon Hacking Linked To China

Russia Considers Google Meet Ban

August 28, 2025
Salt Typhoon Hacking Linked To China

Salt Typhoon Hacking Linked To China

August 28, 2025
Salt Typhoon Hacking Linked To China

US Appeals Sentences For Hashflare Scheme

August 28, 2025
Tokyo Meeting on North Korea IT Threat

Tokyo Meeting on North Korea IT Threat

August 27, 2025
Tokyo Meeting on North Korea IT Threat

Durov Calls France Arrest Unfair

August 27, 2025
Tokyo Meeting on North Korea IT Threat

$29M Hacking Ring Mastermind Extradited

August 27, 2025

Latest Alerts

AI Systems Used for Ransomware Attacks

Coordinated Scans Target Microsoft RDP

Shadowcaptcha Exploits WordPress Sites

MixShell Hts US Supply Chain Firms

AI Attack Hides Prompts In Images

WhatsApp Desktop Code Execution Risk

Subscribe to our newsletter

    Latest Incidents

    Swedish Towns Hit By Ransomware Attack

    Nevada Closes Offices After Cyberattack

    Doge Accused Of Mimicking SSN Info

    Auchan Retailer Reports Data Breach

    NJ Social Services Reports Data Breach

    Salesloft Breach Exposes OAuth Tokens

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial